X509TrustManager with OPENSSL provider is not wrapped with hostname verification if Conscrypt is inserted in the first place (#10375)

Motivation:

Modifications:

Directly specify the provider which is used to create the SSLContext

Result:

Fixes https://github.com/netty/netty/issues/10374
Norman Maurer 2020-06-25 20:38:44 +02:00 committed by GitHub
parent bd577ef52f
commit 9c6c515427


@ -29,6 +29,7 @@ import java.lang.reflect.Field;
import java.security.AccessController; import java.security.AccessController;
import java.security.KeyManagementException; import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException; import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivilegedAction; import java.security.PrivilegedAction;
import java.security.cert.CertificateException; import java.security.cert.CertificateException;
import java.security.cert.X509Certificate; import java.security.cert.X509Certificate;
@ -152,8 +153,10 @@ final class OpenSslX509TrustManagerWrapper {
X509TrustManager wrapIfNeeded(X509TrustManager manager); X509TrustManager wrapIfNeeded(X509TrustManager manager);
} }
private static SSLContext newSSLContext() throws NoSuchAlgorithmException { private static SSLContext newSSLContext() throws NoSuchAlgorithmException, NoSuchProviderException {
return SSLContext.getInstance("TLS"); // As this depends on the implementation detail we should explicit select the correct provider.
// See https://github.com/netty/netty/issues/10374
return SSLContext.getInstance("TLS", "SunJSSE");
} }
private static final class UnsafeTrustManagerWrapper implements TrustManagerWrapper { private static final class UnsafeTrustManagerWrapper implements TrustManagerWrapper {
@ -180,11 +183,15 @@ final class OpenSslX509TrustManagerWrapper {
} }
} }
} catch (NoSuchAlgorithmException e) { } catch (NoSuchAlgorithmException e) {
// This should never happen as we did the same in the static // This should never happen as we did the same in the static block
// before. // before.
PlatformDependent.throwException(e); PlatformDependent.throwException(e);
} catch (KeyManagementException e) { } catch (KeyManagementException e) {
// This should never happen as we did the same in the static // This should never happen as we did the same in the static block
// before.
PlatformDependent.throwException(e);
} catch (NoSuchProviderException e) {
// This should never happen as we did the same in the static block
// before. // before.
PlatformDependent.throwException(e); PlatformDependent.throwException(e);
} }
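Review bot: The provider name `"SunJSSE"` is now hard-coded in `newSSLContext()`, so on a runtime that does not register a provider under that name the call throws `NoSuchProviderException` instead of returning a context. The static initializer that first calls this method is outside the hunk; if it treats that failure as "wrapping unavailable" and carries on, the `X509TrustManager` would be returned unwrapped and the hostname-verification wrapping this commit restores would be skipped with no visible signal. The comment above the return should say so, for example `// Requires the SunJSSE provider; if it is missing the TrustManager is left unwrapped.`, and the fallback path should log at a level operators will actually see. The new `catch (NoSuchProviderException e)` branch in the last hunk rests on the same "cannot happen" assumption, which holds only if the static block already failed for the same reason.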